Added mailto protocol to safe list
This commit is contained in:
parent
efb486511c
commit
c70a256eb1
@ -218,6 +218,9 @@ describe("XSS", function () {
|
|||||||
}, {
|
}, {
|
||||||
entered: 'WWW.SOMETHING.COM/?x=dKasdDAsd4JAsd3OAJSD23osajAidj',
|
entered: 'WWW.SOMETHING.COM/?x=dKasdDAsd4JAsd3OAJSD23osajAidj',
|
||||||
href: 'http://WWW.SOMETHING.COM/?x=dKasdDAsd4JAsd3OAJSD23osajAidj',
|
href: 'http://WWW.SOMETHING.COM/?x=dKasdDAsd4JAsd3OAJSD23osajAidj',
|
||||||
|
}, {
|
||||||
|
entered: 'mailto:test@mail.org',
|
||||||
|
href: 'mailto:test@mail.org',
|
||||||
}];
|
}];
|
||||||
|
|
||||||
function checkNonParsedURL (url) {
|
function checkNonParsedURL (url) {
|
||||||
@ -259,6 +262,9 @@ describe("XSS", function () {
|
|||||||
await mock.sendMessage(view, good_urls[4].entered);
|
await mock.sendMessage(view, good_urls[4].entered);
|
||||||
checkParsedURL(good_urls[4]);
|
checkParsedURL(good_urls[4]);
|
||||||
|
|
||||||
|
await mock.sendMessage(view, good_urls[5].entered);
|
||||||
|
checkParsedURL(good_urls[5]);
|
||||||
|
|
||||||
done();
|
done();
|
||||||
}));
|
}));
|
||||||
});
|
});
|
||||||
|
@ -22,7 +22,7 @@ import tpl_video from "../templates/video.js";
|
|||||||
import u from "../headless/utils/core";
|
import u from "../headless/utils/core";
|
||||||
|
|
||||||
const URL_REGEX = /\b(https?\:\/\/|www\.|https?:\/\/www\.)[^\s<>]{2,200}\b\/?/g;
|
const URL_REGEX = /\b(https?\:\/\/|www\.|https?:\/\/www\.)[^\s<>]{2,200}\b\/?/g;
|
||||||
const APPROVED_URL_PROTOCOLS = ['http', 'https', 'xmpp'];
|
const APPROVED_URL_PROTOCOLS = ['http', 'https', 'xmpp', 'mailto'];
|
||||||
|
|
||||||
function getAutoCompleteProperty (name, options) {
|
function getAutoCompleteProperty (name, options) {
|
||||||
return {
|
return {
|
||||||
|
Loading…
Reference in New Issue
Block a user